Example usage for java.security.cert CertPathBuilder getInstance

List of usage examples for java.security.cert CertPathBuilder getInstance

Introduction

On this page you can find example usage of java.security.cert CertPathBuilder getInstance.

Prototype

public static CertPathBuilder getInstance(String algorithm) throws NoSuchAlgorithmException 


Document

Returns a CertPathBuilder object that implements the specified algorithm.

Usage

From source file: com.sk89q.mclauncher.security.X509KeyStore.java

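/**
 * Verify that a given certificate chain is trusted.
 *
 * <p>Builds a PKIX path from {@code chain[0]} to one of the configured
 * {@code rootCerts}, using the built-in {@code intermediateCerts} and the
 * remaining entries of {@code chain} as candidate intermediates. Revocation
 * checking is enabled, but no CRL store is registered here, so the builder
 * relies on whatever revocation source the runtime provides (OCSP/CRLDP
 * system properties); without one it may be unable to determine revocation
 * status and reject an otherwise valid chain — confirm against deployment.
 *
 * @param chain certificate chain, end-entity certificate first; must not be empty
 * @throws CertPathBuilderException thrown when no trusted path can be built
 * @throws CertificateVerificationException thrown on any other error
 * @throws IllegalArgumentException if {@code chain} is null or empty
 */
public void verify(X509Certificate[] chain) throws CertificateVerificationException, CertPathBuilderException {
    // Guard before chain[0] so an empty array fails with a clear message rather than an index error
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("chain must contain at least one certificate");
    }
    try {
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(chain[0]);

        // Root certificates become the trust anchors (no name constraints)
        Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        for (X509Certificate rootCert : rootCerts) {
            trustAnchors.add(new TrustAnchor(rootCert, null));
        }

        // Throws InvalidAlgorithmParameterException when trustAnchors is empty
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);

        pkixParams.setRevocationEnabled(true);

        // Built-in intermediate certificates
        pkixParams.addCertStore(
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts)));

        // Additional intermediate certificates supplied with the chain
        pkixParams.addCertStore(
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(chain))));

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        builder.build(pkixParams); // Throws CertPathBuilderException on failure to verify
    } catch (InvalidAlgorithmParameterException e) {
        throw new CertificateVerificationException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new CertificateVerificationException(e);
    }
}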

From source file: com.vmware.identity.idm.server.clientcert.IdmCertificatePathValidator.java

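/**
 * Build and validate the certification path from an end certificate.
 *
 * <p>Note: the returned path appears to contain only the intermediate CA
 * certificates; when there are none, the end certificate itself is returned
 * (observed behaviour, not something this method enforces).
 *
 * @param endCert end-entity certificate to build the path for
 * @return the built {@link CertPath}, never null
 * @throws CertificatePathBuildingException if no PKIX builder is available,
 *         the builder parameters are invalid, or no trusted path can be built
 */
private CertPath buildCertPath(X509Certificate endCert) throws CertificatePathBuildingException {

    CertPathBuilder cpb;
    try {
        cpb = CertPathBuilder.getInstance("PKIX");
    } catch (NoSuchAlgorithmException e) {
        throw new CertificatePathBuildingException("Error building CertPathBuilder:" + e.getMessage(), e);
    }

    PKIXBuilderParameters params = CreatePKIXBuilderParameters(endCert);
    CertPathBuilderResult cpbResult;
    try {
        cpbResult = cpb.build(params);
    } catch (CertPathBuilderException e) {
        // Wrap the builder exception itself rather than only its (possibly null) cause,
        // so the path-building diagnostics survive in the stack trace.
        throw new CertificatePathBuildingException(e.getMessage(), e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new CertificatePathBuildingException(e.getMessage(), e);
    }

    return cpbResult.getCertPath();
}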

From source file: com.vmware.identity.idm.IDPConfig.java

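/**
 * Validate that the chain is in the required order — user's certificate
 * first, root CA certificate last (including the case where only the root
 * CA is present) — and that it forms exactly one trusted path consisting of
 * all the certificates listed.
 *
 * <p>Revocation checking is disabled: this validates chain structure and
 * signatures only, not whether any certificate has been revoked.
 *
 * @param chain certificates, end-entity first and root CA last; must not be empty
 * @return {@code true} when the chain validates (failures are reported as exceptions)
 * @throws ExternalIDPExtraneousCertsInCertChainException if the built path does not use
 *         every non-root certificate in {@code chain}
 * @throws ExternalIDPCertChainInvalidTrustedPathException if the chain is empty or no
 *         trusted path from the first to the last certificate can be built
 */
private static boolean validateSingleX509CertChain(List<X509Certificate> chain)
        throws ExternalIDPExtraneousCertsInCertChainException, ExternalIDPCertChainInvalidTrustedPathException {
    final String ALGO_PKIX = "PKIX"; //for X.509

    final String CERTSTORE_PROVIDER_COLLECTION = "Collection";

    // Guard before indexing so an empty chain is reported as an invalid path, not an index error
    if (chain == null || chain.isEmpty()) {
        throw new ExternalIDPCertChainInvalidTrustedPathException("certificate chain is empty", chain);
    }

    try {
        // The last certificate is the only trust anchor; nothing else is implicitly trusted
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        anchors.add(new TrustAnchor(chain.get(chain.size() - 1), null));

        // The path must start at the first certificate
        X509CertSelector targetCertSelector = new X509CertSelector();
        targetCertSelector.setCertificate(chain.get(0));

        CertStore builderStore = CertStore.getInstance(CERTSTORE_PROVIDER_COLLECTION,
                new CollectionCertStoreParameters(chain));

        PKIXBuilderParameters buildParams = new PKIXBuilderParameters(anchors, targetCertSelector);
        buildParams.addCertStore(builderStore);
        buildParams.setRevocationEnabled(false);

        CertPathBuilder pathBuilder = CertPathBuilder.getInstance(ALGO_PKIX);
        CertPathBuilderResult builderResult = pathBuilder.build(buildParams);

        // A PKIX path excludes the trust anchor, so every other certificate must appear in it
        if (chain.size() - 1 != builderResult.getCertPath().getCertificates().size()) {
            throw new ExternalIDPExtraneousCertsInCertChainException(chain);
        }
        return true;

    } catch (CertPathBuilderException cpbe) {
        throw new ExternalIDPCertChainInvalidTrustedPathException(cpbe.getMessage(), chain); // no need to chain the exception.
    } catch (GeneralSecurityException gse) {
        throw new ExternalIDPCertChainInvalidTrustedPathException(gse.getMessage(), chain);
    }
}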